aaron_apps-permissions | Stripe Developers | Page 1

late larkBOT Dec 13, 2024, 4:24 PM

#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1317165168144416849

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

leaden monolith Dec 13, 2024, 4:24 PM

#

I don't have a request ID this time around because right as I go to make this post I stop getting Captcha'd hahaha

#

But if there's a way to view my previous threads here, I spoke about this before. I went on a trip so it got backburnered

#

I've got request IDs in there, pics of the network requests, etc.

#

If I remember correctly, Captchas inside Checkout Sessions are supposed to fall under the mandate_read permission, which is inherited under checkout_session_read/write.

For some reason, the checkout session made by the Stripe App still doesn't have permission to handle Captchas.

When they complete the Captcha we see the "Something went wrong" badge in checkout, and the network request shows a "This Stripe app doesn't have permission to blah blah blah" under a Stripe captcha endpoint

thin skyBOT Dec 13, 2024, 4:37 PM

#

calm grove Dec 13, 2024, 4:40 PM

#

Hi 👋 I'll try to find the previous thread you're referring to, because I'm not sure I've seen what you're referring to before.

#

This one?
#dev-help message

late larkBOT Dec 13, 2024, 4:45 PM

#

calm grove Dec 13, 2024, 4:46 PM

#

Do you have a list of what permissions you have currently setup for your app?

#

Based on what I'm seeing from that old request, I believe you're missing:

mandate_read
payment_method_client_read
setup_intent_write

leaden monolith Dec 13, 2024, 5:00 PM

#

      "permission": "checkout_session_read",
      "purpose": "Allows your customers to purchase plans through Priceable pricing tables."
    },
    {
      "permission": "checkout_session_write",
      "purpose": "Allows your customers to purchase plans through Priceable pricing tables."
    },
    {
      "permission": "customer_read",
      "purpose": "Allows Priceable to create customers during the checkout process."
    },
    {
      "permission": "customer_write",
      "purpose": "Allows Priceable to create customers during the checkout process."
    },
    {
      "permission": "product_read",
      "purpose": "To show your products in your pricing table."
    },
    {
      "permission": "plan_read",
      "purpose": "To show your prices in your pricing table."
    },
    {
      "permission": "promotion_code_read",
      "purpose": "Apply coupons to your pricing table (optional)."
    },
    {
      "permission": "customer_portal_read",
      "purpose": "For buttons that send your customer to their billing portal."
    },
    {
      "permission": "customer_portal_write",
      "purpose": "For buttons that send your customer to their billing portal."
    },
    {
      "permission": "payment_intent_read",
      "purpose": "Allows your customers to purchase plans through Priceable pricing tables."
    },
    {
      "permission": "payment_intent_write",
      "purpose": "Allows your customers to purchase plans through Priceable pricing tables."
    },
    {
      "permission": "charge_read",
      "purpose": "Allows your customers to purchase plans through Priceable pricing tables."
    },
    {
      "permission": "charge_write",
      "purpose": "Allows your customers to purchase plans through Priceable pricing tables."
    },
    {
      "permission": "payment_method_read",
      "purpose": "Allows your customers to purchase plans through Priceable pricing tables."
    },
    {
      "permission": "payment_method_write",
      "purpose": "Allows your customers to purchase plans through Priceable pricing tables."
    },
    {
      "permission": "quote_read",
      "purpose": "Allows your customers to purchase plans through Priceable pricing tables."
    },
    {
      "permission": "subscription_read",
      "purpose": "Allows your customers to purchase plans through Priceable pricing tables."
    },
    {
      "permission": "coupon_read",
      "purpose": "Apply coupons to your pricing table (optional)."
    },
    {
      "permission": "event_read",
      "purpose": "Allows reading event data from the Priceable Stripe App"
    }```

#

#

But aren't these permissions implied if we have checkout_sessions_r/w?

calm grove Dec 13, 2024, 5:02 PM

#

I don't see setup_intent_write in that list.

#

Maybe it's cropped out?

leaden monolith Dec 13, 2024, 5:06 PM

#

ooo interesting it's not

#

i thought that was implied but it's just read not write

#

okay i'll add that to my permission list and see if i hit this wall again

#

seems like it should be implied by default for developer experience. i imagine if you want to make checkout sessions you also want to consider the edge case they get hit with a captcha without needing a different set of permissions

#aaron_apps-permissions